Make BuildManifest.apk available in CompOS
Bug: 206869687
Test: See /mnt/extra-apk/0/assets/build_manifest in the VM
Change-Id: Ieb687804a5d8d9df9ec8ab565b006d53e6ad6363
diff --git a/compos/common/compos_client.rs b/compos/common/compos_client.rs
index 3bb066f..4216e1a 100644
--- a/compos/common/compos_client.rs
+++ b/compos/common/compos_client.rs
@@ -73,6 +73,7 @@
service: &dyn IVirtualizationService,
instance_image: File,
idsig: &Path,
+ idsig_manifest_apk: &Path,
parameters: &VmParameters,
) -> Result<VmInstance> {
let instance_fd = ParcelFileDescriptor::new(instance_image);
@@ -83,19 +84,12 @@
let apk_fd = File::open(apex_dir.join("app/CompOSPayloadApp/CompOSPayloadApp.apk"))
.context("Failed to open config APK file")?;
let apk_fd = ParcelFileDescriptor::new(apk_fd);
+ let idsig_fd = prepare_idsig(service, &apk_fd, idsig)?;
- if !idsig.exists() {
- // Prepare idsig file via VirtualizationService
- let idsig_file = File::create(idsig).context("Failed to create idsig file")?;
- let idsig_fd = ParcelFileDescriptor::new(idsig_file);
- service
- .createOrUpdateIdsigFile(&apk_fd, &idsig_fd)
- .context("Failed to update idsig file")?;
- }
-
- // Open idsig as read-only
- let idsig_file = File::open(idsig).context("Failed to open idsig file")?;
- let idsig_fd = ParcelFileDescriptor::new(idsig_file);
+ let manifest_apk_fd = File::open("/system/etc/security/fsverity/BuildManifest.apk")
+ .context("Failed to open build manifest APK file")?;
+ let manifest_apk_fd = ParcelFileDescriptor::new(manifest_apk_fd);
+ let idsig_manifest_apk_fd = prepare_idsig(service, &manifest_apk_fd, idsig_manifest_apk)?;
let (console_fd, log_fd, debug_level) = if parameters.debug_mode {
// Console output and the system log output from the VM are redirected to file.
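Review bot: The build manifest location on the added `File::open` line is a bare string literal in the middle of the function body, while the idsig file name for the same APK gets a documented constant in compos/common/lib.rs. I would name it next to the other constants, e.g. `pub const BUILD_MANIFEST_APK_PATH: &str = "/system/etc/security/fsverity/BuildManifest.apk";`, with a doc comment saying that this APK is the one whose idsig is passed as an extra idsig. That keeps this security-relevant path in one reviewable place if other code needs to refer to the same file. The enclosing function starts and ends outside this hunk.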
@@ -117,6 +111,7 @@
instanceImage: Some(instance_fd),
configPath: config_path.to_owned(),
debugLevel: debug_level,
+ extraIdsigs: vec![idsig_manifest_apk_fd],
..Default::default()
});
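Review bot: The `extraIdsigs: vec![idsig_manifest_apk_fd]` line has no comment saying which APK the entry belongs to or how the VM matches it up. The Test line in the commit message points at `/mnt/extra-apk/0/...`, which suggests the pairing is positional against a list of extra APKs defined elsewhere, presumably in the VM config; that is not visible in this hunk. I would add something like `// Index 0 must correspond to the first extra APK in the VM config (BuildManifest.apk).` so that a later reorder or addition does not silently pair an idsig with the wrong APK.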
@@ -165,6 +160,26 @@
}
}
+fn prepare_idsig(
+ service: &dyn IVirtualizationService,
+ apk_fd: &ParcelFileDescriptor,
+ idsig_path: &Path,
+) -> Result<ParcelFileDescriptor> {
+ if !idsig_path.exists() {
+ // Prepare idsig file via VirtualizationService
+ let idsig_file = File::create(idsig_path).context("Failed to create idsig file")?;
+ let idsig_fd = ParcelFileDescriptor::new(idsig_file);
+ service
+ .createOrUpdateIdsigFile(apk_fd, &idsig_fd)
+ .context("Failed to update idsig file")?;
+ }
+
+ // Open idsig as read-only
+ let idsig_file = File::open(idsig_path).context("Failed to open idsig file")?;
+ let idsig_fd = ParcelFileDescriptor::new(idsig_file);
+ Ok(idsig_fd)
+}
+
struct VsockFactory<'a> {
vm: &'a dyn IVirtualMachine,
}
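Review bot: In `prepare_idsig`, a failed `createOrUpdateIdsigFile` call leaves behind the empty file that `File::create` has just made, so the next call sees `idsig_path.exists()`, skips regeneration and hands back a descriptor to an empty idsig. The extracted code carries this over from the inline version, but it now applies to both idsig files. Removing the file on the error path, as in the excerpt below, keeps a transient service failure from becoming a persistent bad state. Relatedly, the `exists()` shortcut reuses an idsig generated for an earlier BuildManifest.apk after /system is updated; whether a stale idsig is rejected downstream is not visible here, so a comment stating who is responsible for invalidating it would help.

```rust
    if !idsig_path.exists() {
        // … unchanged: File::create(idsig_path) and ParcelFileDescriptor::new …
        if let Err(e) = service.createOrUpdateIdsigFile(apk_fd, &idsig_fd) {
            // Do not leave a partial idsig behind: the exists() check above would
            // otherwise skip regeneration on every later call.
            let _ = std::fs::remove_file(idsig_path);
            return Err(e).context("Failed to update idsig file");
        }
    }
    // … unchanged: reopen the idsig read-only and return its descriptor …
```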
diff --git a/compos/common/lib.rs b/compos/common/lib.rs
index 9a4d0e3..66ce8cb 100644
--- a/compos/common/lib.rs
+++ b/compos/common/lib.rs
@@ -58,6 +58,10 @@
/// The file that holds the idsig for the CompOS Payload APK.
pub const IDSIG_FILE: &str = "idsig";
+/// The file that holds the idsig for the build manifest APK (that makes enumerated files from
+/// /system available in CompOS).
+pub const IDSIG_MANIFEST_APK_FILE: &str = "idsig_manifest_apk";
+
/// The path within our config APK of our default VM configuration file, used at boot time.
pub const DEFAULT_VM_CONFIG_PATH: &str = "assets/vm_config.json";